1 / 18

Playing Safely in the Cloud

Playing Safely in the Cloud Marie Greenberg, CISSP, IAM, IEM Information Security Manager Virginia State Corporation Commission “Come into my parlor.” said the spider to the fly.

richard_edik
Télécharger la présentation

Playing Safely in the Cloud

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Playing Safely in the Cloud Marie Greenberg, CISSP, IAM, IEM Information Security Manager Virginia State Corporation Commission

  2. “Come into my parlor.” saidthe spider to the fly. Every day, government agencies are moving business practices from the physical realm into the cloud. Pay your taxes, renew your drivers license, incorporate your small business, order your birth certificate, look up a state employee… As a public entity we have certain responsibilities to the citizens of Virginia. The public looks to us for guidance and assumes that the service we are providing is secure.

  3. What can we do to make “Playing Safely in the Cloud” a reality for our Citizens? Assure the public that we have a secure site for them to conduct e-government business. Require all users to register on our sites. Verify the identity of users.

  4. Bring awareness to the Citizens COV Citizen Awareness Banner http://www.vita.virginia.gov/security/default.aspx?id=5146 The security of your personal information is important to us! Diligent efforts are made to ensure the security of Commonwealth of Virginia systems. Before you use this Web site to conduct business with the Commonwealth, please ensure your personal computer is not infected with malicious code that collects your personal information. This code is referred to as a keylogger. The way to protect against this is to maintain current Anti-Virus and security patches. For more information on protecting your personal information online, refer to the Citizens Guide to Online Protection.

  5. Establish good Security Practices Ensure secure payment services are in place. Use a third party to evaluate the security of the web site.

  6. What can we do within our organizations to be more secure? Identify the internet threats facing us. Take ownership. Promote a ‘culture of security awareness’. Create and maintain a security policy.

  7. Take steps to protect our systems and data. Keep software up-to-date. Develop a disaster recovery plan. Be proactive.

  8. Playing Safely in the Cloud Online Identity Management Web Application Security Steve Werby Information Security Officer Virginia Commonwealth University

  9. Anything you upload to a public website is not private – it's public.

  10. Email Address Identity Theft Phishing First Name Last Name Alias Colleges Degrees Employers Job Titles Email Address Friends Colleagues Alias Email Address Interests Email Address City / State Email Address Interests Activities Friends Age Website Reconnaissance First Name Last Name Email Address Birthday Street Address City / State Phone Number Website Marital Status Colleges Degrees Friends Alias City / State Friends Colleagues Website First Name Last Name Alias Age City / State Website Marital Status Friends Interests Activities First Name Last Name Friends Colleagues Interests Activities Social Engineering

  11. Aggregate social network data • Your personal lifestream • Your connections' lifestreams

  12. Is the concept of privacy outdated?

  13. Manage your identity Make informed decisions Voice your concerns See #1

  14. Web 2.0 SaaS 3G, 802.11n, mesh Russian Business Network, Rock Phish Cybercrime‏ IE, Firefox, Chrome, Safari, Opera HIPAA, PCI, GLBA, FACTA, FERPA Phishing, Smishing, Vishing Blackberry, iPhone, Windows Mobile AJAX

  15. Injection Flaws Malicious File Execution Failure to Restrict URL Access Insecure Direct Object Reference Cross Site Scripting (XSS)‏ Information Leakage / Improper Error Handling Cross Site Request Forgery (CSRF)‏ Insecure Communications Insecure Cryptographic Storage Broken Authentication and Session Management

  16. Know your web applications Know your data Secure EVERYTHING Educate, educate, EDUCATE

More Related